Void Dokkaebi, also tracked as Famous Chollima, is a North Korea-aligned intrusion set that systematically targets software developers who hold cryptocurrency wallet credentials, signing keys, and access to continuous integration/continuous delivery (CI/CD) pipelines and production infrastructure.
As previously documented by TrendAI Research, the group poses as recruiters from cryptocurrency and AI firms, luring developers into cloning and executing code repositories as part of fabricated job interviews. This is a pattern independently tracked across the industryopen on a new tab since 2024, but less attention has been paid to what happens after the initial compromise.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Dutch government is relinquishing control of Chinese-owned chipmaker Nexperia
November 19, 2025
The Dutch government said it’s relinquishing control of Chinese-owned chipmaker Nexperia, easing a standoff between China and the Netherlands that threatened supplies of semiconductors vital for global auto manufacturing. Economics Affairs Minister Vincent Karremans said Wednesday that he was suspending an earlier order to take control of Nexperia under a rarely invoked law. Read more… Source: ABC News Sign ...
- Myanmar: Authorities arrest nearly 350 in raids targeting illegal gambling and online scam centres on Thai border
November 19, 2025
On the morning of 18 November, security forces together with departmental teams conducted an operation in the Shwe Kokko area, located to the north of Myawady. First, they cleared three buildings that had been constructed without official permission. During the operation, 346 foreign nationals currently under scrutiny were arrested. Nearly ten thousand mobile phones used in ...
- Tens of thousands more ASUS routers pwned by suspected, evolving China operation
November 19, 2025
Around 50,000 ASUS routers have been compromised in a sophisticated attack that researchers believe may be linked to China, according to findings released today by SecurityScorecard’s STRIKE team. Dubbed “Operation WrtHug”, the campaign exclusively targets end-of-life ASUS WRT routers, exploiting multiple known vulnerabilities – some dating back to 2023. The affected routers are primarily concentrated in ...
- IT threat evolution in Q3 2025. Mobile statistics
November 19, 2025
According to Kaspersky Security Network, in Q3 2025, 47 million attacks utilizing malware, adware, or unwanted mobile software were prevented. Trojans were the most widespread threat among mobile malware, encountered by 15.78% of all attacked users of Kaspersky solutions. More than 197,000 malicious installation packages were discovered, including, 52,723 associated with mobile banking Trojans,1564 packages identified ...
- DoorDash says personal information of customers, dashers stolen in data breach
November 18, 2025
DoorDash confirmed a data breach that exposed the names, email addresses, phone numbers and physical addresses of some of its users, including customers, dashers and merchants. In a Help Center article published Nov. 13, DoorDash said that although hackers stole personal information from users, “no sensitive information was accessed by the unauthorized third party,” and the ...
- Hackers claim to have hit Under Armour in massive data breach
November 18, 2025
The notorious Everest ransomware group has claimed sportswear maker and retailer Under Armour as its latest victim – with the group posting what it claims is a sample of ‘more than millions of personal data’ and internal company data onto a dark web site. The dark leak site post claims the hackers have accessed and exfiltrated ...